Generic security advice is good, but tailored advice is much better. Everyone’s situation is a little different. What are you trying to protect? Who or what are you trying to protect it from? What are the consequences of failure? This is called threat modeling. And thankfully, the wonderful folks at Consumer Reports have a free, easy-to-use Security Planner tool that will help anyone do this assessment and provide custom solutions. My guest today is Yael Grauer, who will help us understand how to think about our security and how the CR tool can help you protect your data and devices. Interview Notes Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/  Yael’s website: https://yaelwrites.com/  Big Ass Data Broker Opt Out List (BADBOOL): https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List  Consumer Reports advocacy: https://advocacy.consumerreports.org/  CR’s Digital Standard: https://thedigitalstandard.org/  CR’s Consumer Readiness Report 2024 (PDF): https://innovation.consumerreports.org/wp-content/uploads/2024/09/2024-Consumer-Cyber-Readiness-Report.pdf  How to choose a PIN code: https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Further Info Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:07: Interview setup 0:02:35: Yael introduction 0:04:19: What questions should we answer to get useful security advice? 0:06:41: How does Security Planner work? 0:08:03: How does Security Planner tailor its suggestions? 0:10:58: How do you decide what the most important factors are for security? 0:15:11: What might trigger me to re-run this tool and get a fresh report? 0:17:18: How does Consumer Reports research its recommendations? 0:19:59: How does CR vet the products and services that it recommends? 0:23:18: How do you weight things like convenience and ease of use? 0:27:34: Is it okay to make people pay for basic security features? 0:35:08: What role should government play in pushing for better security? 0:36:55: How important is transparency for driving better security? 0:39:15: What did the CR Cyber Readiness survey reveal? 0:43:22: Why do we choose bad passwords? 0:45:55: Why don’t companies provider better support for security problems? 0:51:39: What’s next for you and CR? How do we get updates? 0:53:43: Interview wrap-up 0:56:20: Patron bonus content preview 0:57:06: Looking ahead

Privacy is a human right – and you don’t have to justify rights, you just have them. That’s kinda the whole point. But you do need to exercise them and defend them sometimes. It has been leaked that the UK is telling Apple to reveal the encrypted data of every single one of their users to the UK government under the auspices of the Investigatory Powers Act (and its recent controversial Amendment). This would be a privacy and security disaster, and we were not even supposed to know about it. In other news: Netgear warns of serious router bugs (so update your firmware now); DeepSeek AI app has serious security and privacy problems, but the AI model has real promise in other ways; AngelSense personal customer data exposed; Cybercrime groups exploit 7-Zip app flaws to bypass Windows protections; some clever Mac and iOS malware making the rounds; new Android Identity Check feature released, and I introduce some Privacy Enhancing Technologies. Article Links [Bleeping Computer] Netgear warns users to patch critical WiFi router vulnerabilities https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/ [krebsonsecurity.com] Experts Flag Security, Privacy Risks in DeepSeek AI App https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/ [techcrunch.com] AngelSense exposed location data and personal information of tracked users https://techcrunch.com/2025/01/30/angelsense-exposed-location-data-and-personal-information-of-tracked-users/ [The Hacker News] Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html [appleinsider.com] New macOS malware disguises itself as Chrome & Zoom installers https://appleinsider.com/articles/25/02/04/new-macos-malware-disguises-itself-as-chrome-zoom-installers [macrumors.com] Apple Removed Apps Infested With Screen Reading Malware https://www.macrumors.com/2025/02/06/apple-removed-screen-reading-malware-apps/ [Bleeping Computer] New Android Identity Check locks settings outside trusted locations https://www.bleepingcomputer.com/news/security/new-android-identity-check-locks-settings-outside-trusted-locations/ [theverge.com] Apple ordered to open encrypted user accounts globally to UK spying https://www.theverge.com/news/608145/apple-uk-icloud-encrypted-backups-spying-snoopers-charter Tip of the Week: https://firewallsdontstopdragons.com/privacy-enhancing-technologies-pet/  Further Info Securing your router:  https://firewallsdontstopdragons.com/secure-your-network-4-remediate/  Objective-See tools: https://objective-see.org/  Recommend news stories: send to news [at] firewallsdontstopdragons.com  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:06: Intro 0:00:20: Tax scams, ID.me 0:02:54: News preview 0:05:01: Netgear router vulnerabilities 0:08:17: DeepSeek AI has security problems, but also shows promise 0:19:36: AngelSense exposed personal information of tracked users 0:26:23: Russian Cybercrime Groups Exploiting 7-Zip Flaw 0:35:44: macOS stealer malware disguises itself as fake installer 0:42:30: New Apple malware uses OCR to mine secrets 0:46:00: New Android Identity Check locks settings outside trusted locations 0:49:10: Apple ordered to open encrypted user accounts globally to UK spying 1:04:56: Tip of the Week: Privacy Enhancing Technologies 1:06:36: Looking ahead

In the real world, we present different aspects of ourselves in different environments: home, work, family, friends, school, etc. Why can’t we do this in the virtual world, as well? While marketers love to identify us with unique identifiers so they can track us mercilessly, there are tools we can use that will allow us to compartmentalize our digital lives just like we can in the real world. Today we’ll discuss the notion of decentralized identity with Dr. Paul Ashley, CTO of Anonyome Labs who runs the MySudo service. Interview Notes MySudo: https://anonyome.com/individuals/mysudo/  Anonyome Labs: https://anonyome.com/  Open Wallet Foundation: https://openwallet.foundation/  Verifiable Credentials (W3C): https://www.w3.org/TR/vc-data-model/  Privacy is Power interview: https://podcast.firewallsdontstopdragons.com/2024/11/25/privacy-is-power-2/  EFF on digital wallets: https://www.eff.org/deeplinks/2024/09/digital-id-isnt-everybody-and-thats-okay Further Info Recommend news stories: send to news [at] firewallsdontstopdragons.com  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:14: Intro 0:00:38: Getting more non-US news stories 0:02:44: Still waiting on big winner to reply 0:03:15: Intervew setup 0:05:23: How did Anonyome Labs get started? 0:12:20: Which identifiers are most valuable for tracking people? 0:15:19: Can you explain “de-centralized IDs ” and “identity wallets”? 0:24:28: Are there open standards for digital ID? 0:29:20: Can digital ID be used to privately verify your age online? 0:32:18: Can email relay companies see all your emails? 0:36:31: How about using a custom domain for creating email aliases? 0:38:50: Don’t a lot of sites reject email and phone numbers from alias services? 0:43:17: Do social media companies allow you to have multiple accounts? 0:46:37: What about ad ID’s and fingerprinting? 0:51:21: What happens if your virtual ID company goes bad or goes dark? 0:55:36: Can I trust the virtual ID companies with my privacy? 0:59:07: Are there downsides or gotchas to using services like these? 1:00:51: How can we convince companies to respect our privacy? 1:04:48: What else is MySudo working on? 1:07:41: Interview wrap-up 1:08:17: Patron preview 1:08:42: Looking ahead

Software plugins allow you to add functionality to existing applications. Web browsers commonly use these extensions to add functionality like shopping helpers, password managers, ad blockers and much, much more. In a way, these add-ons are like “apps” for the browser. Like apps, they can view and manipulate your data. In the browser, they may alter the web page, track pages you visit, and even mine any data you might enter into web forms. Also like apps, plugins can have permissions which you must agree to when you install them. Therefore, we need to be very careful which plugins we install and make sure we trust the maker. Today I’ll explain how to audit your plugins. In other news: The TikTok ban has been given a 75-day reprieve; the Trump administration fires scores of cybersecurity experts; Apple Intelligence will soon be enabled by default on iPhones and Macs; some clever researchers have hacked the iPhone USB-C connection; a tricky new smishing campaign tricks users into bypassing Apple protections; PowerSchool hack affects 62M students and 9M teachers; new AI took can identify where a photo was taken; Subaru hack exposes scary amount of location data collection; fuzzing tool find over 100 bugs in modern cellular network; Texas sues Allstate for using private car data; FTC to ban GM from sharing location info; exercise equipment collects lots of personal data; federal court finally rules that Section 702 FISA data access requires a warrant. Article Links [theverge.com] Trump signs order refusing to enforce TikTok ban for 75 days https://www.theverge.com/2025/1/20/24348213/trump-tiktok-ban-executive-order-sale-delay-china [techcrunch.com] Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/ [macrumors.com] macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically https://www.macrumors.com/2025/01/21/macos-sequoia-15-3-apple-intelligence-opt-out/ [9to5mac.com] Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams https://9to5mac.com/2025/01/14/security-vulnerability-in-iphones-usb-c-port-and-a-gotcha-with-imessage-scams/ [Tech Radar] PowerSchool hack keeps getting worse – 62 million students now thought to be affected https://www.techradar.com/pro/security/powerschool-hack-keeps-getting-worse-62-million-students-now-thought-to-be-affected [404media.co] The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/ [wired.com] Subaru Security Flaws Exposed Its System for Tracking Millions of Cars https://www.wired.com/story/subaru-location-tracking-vulnerabilities/ [The Hacker News] RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html [gizmodo.com] Texas Sues Allstate for Collecting Driver Data to Raise Premiums https://gizmodo.com/texas-sues-allstate-for-collecting-driver-data-to-raise-premiums-2000549878 [techcrunch.com] GM banned from sharing driving and location data with insurance companies https://techcrunch.com/2025/01/17/gm-banned-from-sharing-driving-and-location-data-with-insurance-companies/ [consumerreports.org] Your Exercise Bike Knows a Lot About You—and It Doesn’t Keep Every Secret https://www.consumerreports.org/health/health-privacy/exercise-machine-privacy-a3907557984/ [eff.org] VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional Tip of the Week: Treat Extensions Like Apps: https://firewallsdontstopdragons.com/treat-extensions-like-apps/  Further Info Data Privacy Week 2025: https://firewallsdontstopdragons.com/data-privacy-week-2025/  Private TikTok web app: https://www.sticktock.com/  Enabling Apple’s Advanced Data Protection: https://support.apple.com/en-us/108756  OSINT location analysis examples: https://gralhix.com/list-of-osint-exercises/osint-exercise-001/  Claw Your Data Back tool: https://cyd.social/  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:03: Listener survey ended 0:01:37: News preview 0:03:54: Trump signs order refusing to enforce TikTok ban for 75 days 0:10:02: Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision 0:14:50: macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically 0:21:51: Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams 0:24:51: Clever iPhone Smishing attack 0:28:35: PowerSchool hack keeps getting worse 0:32:55: The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds 0:43:37: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars 0:49:28: 5G fuzzing 0:54:02: Allstate sued, FTC Bans GM data selling, fitness device data 0:56:52: FISA 702 court victory 1:01:23: Tip of the Week: Treat Plugins Like Apps 1:08:12: Wrap up and looking ahead

There are way too many data brokers and they have way too much of our data. We’ve talked a lot lately about what you can do to reclaim your privacy and claw back some of that data and today I’m going to give you yet another interesting tool for your privacy toolbox: Permission Slip. This app and the related service, brought to you by Consumer Reports, will work on your behalf to request that these data brokers relinquish your information, or at least suppress the sharing of that data to the extent that’s legally possible. The tool has some helpful and interesting features that you may not find on other, similar services. Sukhi Gulati GIlbert is my guest today and will explain why you should consider using this tool and how it supports the overall effort to rein in dangerous business of data mining. Interview Notes Permission Slip app: https://permissionslipcr.com/  Protecting Your Privacy Online: https://www.consumerreports.org/electronics/privacy/from-our-president-protecting-your-privacy-online-a1603013649/  Digital Security & Privacy: https://www.consumerreports.org/digital-security-privacy/  CR Report on data deletion services (PDF): https://innovation.consumerreports.org/wp-content/uploads/2024/08/Data-Defense_-Evaluating-People-Search-Site-Removal-Services-.pdf  California data broker registry: https://cppa.ca.gov/data_broker_registry/  How to download the Vermont data broker list (which doesn’t seem to work): https://www.muckrock.com/foi/vermont-80/vermont-data-broker-db-107096/  My article series on data deletion: https://firewallsdontstopdragons.com/osint-reconnaissance/  Further Info Annual listener survey!! https://fdsd.me/survey2025  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:12: Intro 0:00:51: Couple quick news notes 0:01:45: Last call: listener survey 0:02:47: Interview setup 0:03:48: What brought you to Consumer Reports and the Permission Slip app? 0:07:19: How does Permission Slip compare to other data deletion services? 0:14:17: Where are the data brokers getting so much of our personal info? 0:17:00: How do I use Permission Slip? 0:21:47: What info does Permission Slip give to brokers? 0:24:42: Is it more effective to request data deletion yourself versus using a service? 0:31:12: What level of success should I expect when deleting my data? 0:33:16: Are there any limitations or exclusions for data deletion? 0:38:19: What if you live in a state or country with no privacy laws? 0:39:44: Can we limit access to our public data records? 0:41:24: Does freezing your credit do anything to limit data sharing? 0:43:53: How broken is the ‘notice and consent’ model for privacy? 0:45:57: Would it help to actively spread incorrect personal info? 0:48:31: How else can we reduce our data footprint? 0:50:04: What’s next for Consumer Reports in terms of privacy? 0:53:46: What does Permission Slip Pro cost? 0:55:19: Interview wrap-up 0:59:11: Patron content preview 0:59:50: Looking ahead

The start of a new year is always a good time to add some big juicy goals to your to-do list – call them New Year’s Resolutions, if that works for you, but really it’s just about making up your mind to tackle some important personal objectives. Today I’ll give you several ideas to improve your privacy and security in 2025, and those around you. In the news: dozens of malicious Chrome Browser extensions identified; net neutrality is dead, again, and probably for good this time; Apple to pay a meager $95M to settle a Siri privacy class action suit; Apple’s new Enhanced Visual Search is enabled by default and sending data to Apple; proposed ban on TP-Link routers is missing the real problem; Google’s change in its Privacy Sandbox policy seems to now allow the use of device fingerprinting; proposed HIPAA amendments will close major health data security gaps. Article Links [Ars Technica] Time to check if you ran any of these 33 malicious Chrome extensions https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/ Terms of service study: https://www.helpnetsecurity.com/2016/07/14/agree-terms-conditions-lie/  [nytimes.com] Net Neutrality Rules Struck Down by Appeals Court https://www.nytimes.com/2025/01/02/technology/net-neutrality-rules-fcc.html [reuters.com] Apple to pay $95 million to settle Siri privacy lawsuit https://www.reuters.com/legal/apple-pay-95-million-settle-siri-privacy-lawsuit-2025-01-02/ [macrumors.com] Apple Says Siri Data Has Never Been Sold or Used for Marketing  https://www.macrumors.com/2025/01/06/apple-siri-data-not-sold-for-marketing/  [9to5mac.com] Enhanced Visual Search shares your photos with Apple by default, to identify landmarks https://9to5mac.com/2024/12/30/enhanced-visual-search-shares-your-photos-with-apple-by-default-to-identify-landmarks/ [csoonline.com] No evidence that TP-Link routers are a Chinese security threat https://www.csoonline.com/article/3504775/no-evidence-that-tp-link-routers-are-a-chinese-security-threat.html [Lukasz Olejnik blog] Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/ [Dark Reading] Proposed HIPAA Amendments Will Close Healthcare Security Gaps https://www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps Tip of the Week: https://firewallsdontstopdragons.com/new-years-resolutions-2025/  Further Info Annual listener survey!! https://fdsd.me/survey2025  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:24: News preview 0:02:59: Time to check if you ran any of these 33 malicious Chrome extensions 0:12:51: Net Neutrality Rules Struck Down by Appeals Court 0:16:49: Apple to pay $95 million to settle Siri privacy lawsuit 0:19:02: Apple Says Siri Data Has Never Been Sold or Used for Marketing 0:26:29: Enhanced Visual Search shares your photos with Apple by default 0:35:23: No evidence that TP-Link routers are a Chinese security threat 0:47:01: Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting 0:53:08: Proposed HIPAA Amendments Will Close Healthcare Security Gaps 0:57:16: Tip of the Week: New Years Resolutions for 2025! 1:04:53: Wrap-up

There are many ways in which we are tracked in the real world, but one of the most ubiquitous and insidious technologies is Automated License Plate Readers. These camera systems are deployed in just about every city by both public and private organizations. Furthermore, the third parties who sell and operate these systems collect and collate data from around the country, making it available to law enforcement and marketing firms. Because these systems capture images of your car, they can also document the make, model and color, any distinguishing marks, and even bumper stickers. Today we’ll discuss how and where these systems are deployed, who has access to the data, the repercussions of this mass surveillance and how it can go horribly wrong with my guests Adam Schwartz and Gowri Nayar from the Electronic Frontier Foundation. Interview Notes Donate to the EFF: https://supporters.eff.org/donate/join-eff-today  The Human Toll of ALPR Errors: https://www.eff.org/deeplinks/2024/11/human-toll-alpr-errors  EFF’s Street Level Surveillance: https://sls.eff.org/  Community Control of Police Surveillance (CCOPS): https://www.eff.org/issues/community-control-police-surveillance-ccops  US 100-mile “border zone” facts: https://www.aclu.org/know-your-rights/border-zone  Flock camera map: https://www.404media.co/the-open-source-project-deflock-is-mapping-license-plate-surveillance-cameras-all-over-the-world/  DeFlock: https://deflock.me  Flock transparency page example: https://transparency.flocksafety.com/riverside-county-ca-sd  Further Info Annual listener survey!! https://fdsd.me/survey2025  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:20: Intro 0:01:24: Listener survey and book giveaway 0:03:16: ShmooCon in DC this weekend 0:04:21: Interview setup 0:05:27: What prompted you to write about ALPRs? 0:08:11: How do ALPRs work and what info can they capture? 0:10:14: How long have ALPRs been around and how is EFF tracking their use? 0:11:34: Where are these systems deployed? How do we recognize them? 0:14:19: How does mobile ALPR data collection work? 0:15:58: Are police departments transparent about the use of ALPRs? 0:18:09: Is there a way know where ALPR systems are deployed? 0:20:46: How accurate are ALPRs? What are the consequences of failure? 0:22:37: Are license plate “hot lists” shared across jurisdictions? 0:25:41: Where is ALPR data stored? For how long? Who has access? 0:27:40: Is ALPR data shared among local and federal agencies? How often is the data abused? 0:31:04: Do the ALPR system operators sell this data to anyone else? 0:36:04: What legal expectation of privacy do I have in public spaces? 0:42:57: How does the legal “third party doctrine” apply to ALPR data? 0:45:01: How do we balance the need to catch bad guys with the use of surveillance tech? 0:50:18: Is there any surveillance tech that EFF feels should be banned outright? 0:52:17: Does EFF consult with law enforcement on deployment of surveillance tech? 0:53:05: If we’re concerned about surveillance tech being deployed, what can we do? 0:58:19: Interview wrap-up 0:59:29: Notes on the “border zone” width in the US 1:01:09: Patron preview 1:02:01: Survey reminder 1:02:50: Looking ahead

Micah Lee, a journalist and author known for his work during the Snowden document release, shares compelling insights on the intersection of journalism, ethics, and government surveillance. He discusses the challenges of handling sensitive information, especially in light of data leaks and the NSA's practices. Lee emphasizes the importance of strong security measures like HTTPS and reflects on the critical balance journalists must strike between public interest and privacy concerns. His commentary sheds light on the evolving landscape of privacy in the digital age.

I’m digging into the vault for a classic replay! I first interviewed Phil Zimmermann, creator of Pretty Good Privacy (PGP), on May 7, 2018. It was Episode 63 (we’re now at 408) and it was entitled “We Now Live in the Golden Age of Surveillance”. In this episode we talk a little about the origins of PGP in the 1990’s and what he feels about the FBI’s claims that we’re “going dark” due to strong end-to-end encrypted communications. I’ve added some new commentary, but the original episode is preserved in all of its original glory! Interview Notes Original Ep63 interview: https://podcast.firewallsdontstopdragons.com/2018/05/07/we-now-live-in-the-golden-age-of-surveillance/ Ep214: Social Media is Ruining Society https://podcast.firewallsdontstopdragons.com/2021/04/05/social-media-is-ruining-society/  Ep243: Through the Past, Privately: PGP Turns 30 https://podcast.firewallsdontstopdragons.com/2021/10/25/through-the-past-privately-pgp-turns-30/  Phil Zimmermann’s website: https://philzimmermann.com/  Further Info Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:26: Flashback setup 0:02:18: Original intro 0:03:20: What drove you to create PGP? 0:06:32: Why were you prosecuted for PGP? 0:13:08: Isn’t banning cryptography like trying to ban math? 0:15:13: What’s the difference between security and privacy? 0:17:04: Is it possible to be truly anonymous online today? 0:19:06: How is the average person tracking online today? 0:21:49: What are the most private ways to communicate online? 0:24:44: How do we identify trustworthy attachments? 0:25:30: How secure is SMS (texting)? 0:29:41: Are we “going dark”? 0:32:44: Can we escape mass surveillance? 0:36:35: What’s next for you? 0:38:09: Original interview wrap-up 0:40:38: Flashback wrap-up 0:41:00: ShmooCon 2025 0:41:56: Looking ahead

I’ve had some truly amazing interviews this past year. For your listening enjoyment, I’ve curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you’ve never listened to my podcast, this will give you a taste of what you’re missing! If you’re a regular listener, this will be a fun trip down memory lane, complete with a little new commentary. Enjoy! Original Interview Links Ep362: Patrick Wardle https://podcast.firewallsdontstopdragons.com/2024/02/05/securing-your-mac/  Ep364: Jen Caltrider https://podcast.firewallsdontstopdragons.com/2024/02/19/car-privacy-is-horrid/  Ep366: 404 Media https://podcast.firewallsdontstopdragons.com/2024/03/04/how-our-data-is-abused/    Ep375: Dina Temple-Raston https://podcast.firewallsdontstopdragons.com/2024/05/13/inside-ukraines-it-army/  Ep378: Naomi Brockwell https://podcast.firewallsdontstopdragons.com/2024/05/27/why-privacy-matters/  Ep380: Joseph Cox https://podcast.firewallsdontstopdragons.com/2024/06/10/anom-the-fbis-phone-company/  Ep382: Byron Tau https://podcast.firewallsdontstopdragons.com/2024/06/24/means-of-control/  Ep386: Jason Edison https://podcast.firewallsdontstopdragons.com/2024/07/22/open-source-intelligence/  Ep392: Andy Yen https://podcast.firewallsdontstopdragons.com/2024/09/02/crazy-proton-summer/  Ep398: Space Rogue (Cris Thomas) https://podcast.firewallsdontstopdragons.com/2024/10/14/l0pht-heavy-industries/  Ep400: Bruce Schneier https://podcast.firewallsdontstopdragons.com/2024/10/28/episode-400-special/  Ep402: Stacey Higginbotham https://podcast.firewallsdontstopdragons.com/2024/11/11/cutting-the-software-tether/  Ep404: Carissa Veliz https://podcast.firewallsdontstopdragons.com/2024/11/25/privacy-is-power-2/  Related Links Objective-See: https://objective-see.org/  404 Media: https://www.404media.co/  Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/  Click Here: https://therecord.media/podcast  NBTV: https://www.nbtv.media/  Dark Wire: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/  Means of Control: https://www.penguinrandomhouse.com/books/706321/means-of-control-by-byron-tau/  Intel Techniques: https://inteltechniques.com/  Proton: https://proton.me/  Space Rogue book: https://www.amazon.com/Space-Rogue-Hackers-Known-Changed-ebook/dp/B0BRQWPBGL Schneier Blog: https://www.schneier.com/ Privacy is Power: https://www.penguinrandomhouse.com/books/673341/privacy-is-power-by-carissa-veliz/   Further Info Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:26: Show preview 0:02:22: Ep362: Patrick Wardle – Mac hardening 0:05:55: Ep364: Jen Caltrider – Car privacy not included 0:11:13: Ep366: 404 Media – abuse of public camera data 0:21:35: Ep375: Dina Temple-Raston – what we should learn from the cyber war in Ukraine 0:30:41: Ep378: Naomi Brockwell – fighting for our privacy 0:36:40: Ep380: Joseph Cox – what did law enforcement learn from Anom? 0:39:22: Ep382: Byron Tau – how law enforcement hides their data gathering 0:45:43: Ep386: Jason Edison – how does law enforcement view mass surveillance? 0:57:10: Ep392: Andy Yen – why Proton embraced AI tech 1:04:08: Ep398: Space Rogue (Cris Thomas) – do you need a college degree to work in cybersecurity? 1:11:05: Ep400: Bruce Schneier – how AI will change politics and law 1:19:02: Ep402: Stacey Higginbotham – escrowing money to address IoT software tethering problems 1:22:50: Ep404: Carissa Veliz – will the younger generation every have privacy? 1:30:31: Looking ahead